Jamie Dimon says broad Mythos access is a “real issue,” but current evidence points to a narrower danger—vulnerability discovery may accelerate faster than banks and suppliers can safely patch, while access controls only buy time.
Jamie Dimon has put a vivid weapon metaphor around a real but more complicated cyber problem. The JPMorgan Chase chief executive is right that access matters. The available evidence says the more durable contest is whether defenders can turn a short head start into faster, safer remediation before comparable capabilities spread.
At Senator Dave McCormick’s Pennsylvania Defense and Innovation Summit on Wednesday, Dimon said the risks raised by Anthropic’s Mythos model were a “real issue” and that the US government was addressing them. He argued that advanced AI capabilities must be controlled.
“You're giving ballistic missiles to individuals with Mythos.”
The remark appears in an account of the appearance; an access-limited report likewise describes his concern as handing a sophisticated system to a wide audience. The analogy conveys the potential stakes of proliferation. It does not establish that Mythos has carried out a real-world attack, can operate like a physical weapon or can reliably defeat a well-defended bank without human help.
The concern is nevertheless grounded in a capability shift. Mythos can find and exploit software vulnerabilities, and the US government intervened after the release of Anthropic’s guarded Fable 5 and less-restricted Mythos 5. The government imposed export controls on June 12 that covered foreign nationals inside and outside the United States. Anthropic suspended both services globally because, it said, it could not verify nationality in real time. The controls were lifted on June 30, after which Fable returned globally and Mythos access was restored to a set of approved US organizations. That chronology is supported by reporting on the suspension and restoration and Anthropic’s own account.
JPMorgan sits on the privileged side of the current gate. It was an early Project Glasswing partner and has used Mythos to test its defenses and share findings with vendors and other companies. Dimon said in May that hundreds of people at the bank were working full time to strengthen its systems, according to an account of its preparations.
That access can provide a defensive head start, especially while many European and British banks remain outside the program. But the record does not show that Dimon was asking the government to preserve an advantage over smaller banks. One industry account of his remarks says he explicitly distinguished damage control from an effort to deny small banks access.
Nor is the system a clean split between a powerful private model and a weak public substitute. Anthropic describes Fable 5 and Mythos 5 as the same underlying model. Their main difference is the control layer:
| Service | Access and safeguards | Deployment economics |
|---|---|---|
| Fable 5 | Generally available; requests flagged as cybersecurity, biology and chemistry, or model distillation are routed to Claude Opus 4.8. Anthropic says more than 95% of sessions do not trigger a fallback. | $10 per million input tokens and $50 per million output tokens. |
| Mythos 5 | Available to a smaller trusted group with safeguards lifted in some areas, including cyber access for Project Glasswing partners. | The same token prices as Fable 5. |
Those are Anthropic’s product claims in its launch announcement, not independent performance guarantees. They still narrow the access thesis: most public sessions receive the same base model, while identity, topic classifiers, monitoring and fallback rules determine who gets its more sensitive capabilities.
The trusted group is also widening. Anthropic said Project Glasswing began with roughly 50 partners, then offered entry to about 150 additional organizations across more than 15 countries, subject to security requirements. The expansion includes power, water, health-care, communications and hardware organizations. The company also offers a separate public security product based on frontier models and makes some of its scanning tools available on request to trusted teams, according to its program update.
Token prices do not capture the full cost of defense. Long, agentic workflows can consume large volumes of tokens; cautious classifiers can block benign work; and finding a flaw begins a labor-intensive process of validation, prioritization, patching, testing and deployment. Access to a model is therefore neither free nor sufficient to produce resilience.
The government’s June intervention followed an Amazon report describing a way to bypass Fable’s safeguards. Anthropic said the prompted model identified several software vulnerabilities and, in one case, produced code demonstrating exploitation of a single flaw.
Anthropic later said less capable models—including Claude Opus 4.8, GPT-5.5 and Kimi K2.7—could identify the same vulnerabilities, while every model it tested could reproduce the exploit demonstration. It called the task routine defensive work rather than a unique Mythos-level capability and said a new classifier blocked the specific technique in more than 99% of cases. These assertions come from Anthropic’s post-incident explanation; the archived record does not include the underlying Amazon report or an independent reproduction.
The episode therefore supports two conclusions that pull in opposite directions. Safeguards can be bypassed and cannot be treated as perfect. But this reported bypass did not, on Anthropic’s evidence, unlock a capability unavailable from other models. It also exposed an operational weakness in the control regime: an immediate nationality rule forced a worldwide shutdown because Anthropic lacked real-time verification.
Anthropic says there is still no industry consensus for rating the severity of model jailbreaks. Its proposed framework would distinguish the capability gained, the breadth of that gain, the effort required to weaponize it and how easily the method can be discovered. Until developers and governments apply a common standard—and publish enough evidence to test their judgments—“bypass” alone says little about the resulting risk.
The Bank of England’s July financial-stability assessment is more measured than Dimon’s metaphor and more consequential than a debate over one product name. It says frontier models have completed multi-stage attacks against vulnerable, undefended test networks and can find and exploit weaknesses with little human input. It also cautions that those tests did not include active defenders.
The assessment says current evidence does not show that frontier models can conduct fully autonomous, reliable and undetected attacks on well-defended real-world targets. Separate evidence suggests leading systems still struggle to operate reliably, persistently and covertly in demanding conditions. Those limits may not last, but they matter when judging claims about present capability.
The nearer-term systemic risk is volume. If models sharply increase the number of known vulnerabilities, banks and suppliers must patch and validate changes much faster. Rushed fixes can create errors and outages of their own. The burden falls across legacy systems, third-party applications, open-source components and shared infrastructure; smaller firms may have less expertise and fewer resources to keep pace.
That redistributes the risk away from a simple contest between banks with and without Mythos. A common software provider, managed service, telecom network or power supplier can transmit disruption to many institutions at once. Even large banks with privileged model access remain exposed to the weakest shared dependency.
Access controls still have value. Closed models can be expensive to operate at scale, and guarded services may currently be easier for defenders than attackers to use. Yet the Bank says those barriers are more likely to delay misuse than prevent it. Safeguards can be bypassed, accounts or trusted access can be abused, inference costs have been falling, and open-weight models may trail the most advanced closed systems by only four to eight months.
This is also why the public-versus-private framing has a short shelf life. Anthropic itself forecasts in its program update that many competitors could have Mythos-class systems within six to 12 months and might release them without comparable safeguards. That is a company prediction, not a settled timetable, but it is consistent with the Bank’s warning that restrictions buy preparation time rather than permanent control.
European supervisors are already demanding operational answers. The European Central Bank has asked major eurozone banks for action plans by October 31 after meetings about safeguards and cyber defenses, according to an account of the request. The decisive evidence will not be another weapons analogy or another vendor benchmark. It will be whether banks and their critical suppliers can demonstrate that they can safely absorb a persistently higher remediation load.
Three tests would clarify the central risk:
JPMorgan’s early access may help it prepare for those tests, but it cannot insulate the bank from common suppliers or weaker institutions. If the selected defenders use their lead to improve shared software, verification and recovery, controlled access may buy the wider system valuable time. If patching capacity and coordination do not improve, the access gate will have postponed the problem while comparable tools became cheaper and more widely available.
Get concise AI news and useful context from the Magica team.
Read the newsletterZhipu reportedly reached $1 billion in annual recurring revenue in July, roughly four times a March estimate, but the unconfirmed run rate is not annual sales and still sits far ahead of recognized cloud revenue while margins remain thin.
Anthropic’s 20-year lease gives TeraWulf a customer for 401 megawatts of future AI infrastructure, but rent starts only after delivery and the proposed utility deal passes power and grid costs to TeraWulf, leaving financing and project margin unresolved.
OpenAI has put conversations and Projects back in its redesigned ChatGPT desktop app and enabled cloud Work threads to move across devices, correcting the launch's biggest usability failures without merging local Work or Codex histories.
Twenty-nine countries signed an agreement creating WAICO as an independent intergovernmental organization, while China paired the launch with capacity-building offers that are not yet confirmed as WAICO programs.
Meta reportedly plans to put departing AWS compute executive Dave Brown to work on its data-center buildout, adding hyperscale operating experience while leaving any customer-facing cloud business conditional and undefined.
Moonshot AI has made Kimi K3 available through its apps and API, pairing a 2.8-trillion-parameter architecture with early frontier-level results, but the model's open-weight claim cannot be tested until its weights and technical report arrive.
CIA Director John Ratcliffe said US intelligence is consistent with an estimate that Russian recruits last 20 to 30 minutes on Ukraine’s battlefield, but the public trail leads to an unsourced claim about assault troops and does not establish a representative average.
China has paired a five-year AI training offer for developing countries with cooperation centers, a weather-warning rollout and a new 29-country organization. The package gives Beijing a platform for influence, but no budget, selection rules or delivery timetable has been published.
Nebius has arranged its first senior secured facility against an operating GPU deployment and one customer’s cash flows. The deal adds project-level debt to its expansion toolkit, but an unnamed customer and a larger rival financing limit what it proves about the rest of Nebius’s backlog.
Huawei publicly displayed a 16-cabinet Atlas 950 configuration rated at 1 EFLOPS in FP8, providing tangible evidence of its system-scale AI strategy while leaving price, power use and sustained workload performance undisclosed ahead of the full system's planned fourth-quarter release.
UK testing places leading open-weight models four to seven months behind selected closed-model cyber results, yet longer attack chains, U.S. benchmarks and mixed cost comparisons show why that interval is a warning signal rather than a universal capability clock.
Moonshot AI's Kimi K3 added to a global technology selloff with near-frontier performance, but unreleased weights, mixed cost comparisons and a recommended 64-accelerator deployment leave its effect on chip demand unresolved.
Two binding EU decisions require Google to give rival AI services comparable access to 11 Android features and offer eligible search competitors a restricted, anonymized dataset, but phased deadlines, certification, pricing and privacy safeguards leave the competitive effect unproven.
Databricks has signed a term sheet for a Coatue-led financing at a $188 billion valuation, while unidentified sources put the round at $3 billion. The proposed capital would deepen its push into AI governance, data agents and operational databases, but the transaction remains open and the company supplied no new operating figures.
OpenAI says a handful of GPT-5.6 Sol file-deletion reports most commonly involved Full Access without sandboxing or Auto-review. Its own evaluations show a more complicated risk picture, and the company has not yet published an incident rate or evidence that its promised safeguards stop the failure.
Netflix says generative AI workflows were used on roughly 300 titles in 2026, but its only quantified example tied to that disclosure covers 17 minutes and does not establish how much finished material, spending or labor changed across the slate.
A rogue browser extension can trigger Claude for Chrome’s fixed Gmail, Docs, Calendar and business workflows; the attack is constrained by default approvals but can run silently for users who enabled unattended action.
Gemini 3.5 Pro missed its expected June rollout. An anonymous-source account says a late-June data change fell short of Google's coding goals, but Google has confirmed only partner testing—not the reported cause, a new date, or public results and pricing.
Gold Eagle has begun collecting and prioritizing AI-discovered software vulnerabilities, but the voluntary federal clearinghouse has not disclosed results, operating rules or the resources that would turn findings into deployed fixes.
Google is bringing Gemini Omni editing and a reusable face-and-voice avatar to Vids, but the sharper distinction is account-level identity across Vids and Gemini rather than a new category of AI video; Vids already offered Veo generation and customizable avatars, while specialist rivals already sell digital presenters.